Professional Documents
Culture Documents
Troubleshooting
Library
Compilation
of
Juniper
SRX
Troubleshooting
Configurations
and
Commands
Ben
Boyd
Network
Engineer
www.sinatranetwork.com
Table
of
Contents
Copyright
...........................................................................................................................................................
5
Acknowledgements
and
Thanks
...............................................................................................................
5
Configuration
Mode
.......................................................................................................................................
6
Verify
the
Last
Committed
Configuration
...........................................................................................................
6
show
configuration
......................................................................................................................................................................
6
show
system
commit
..................................................................................................................................................................
6
show
configuration
|
compare
rollback
x
..........................................................................................................................
7
show
configuration
|
display
set
............................................................................................................................................
7
Verify
Logs
Are
Built
..................................................................................................................................................
8
messages
log
configuration
......................................................................................................................................................
8
interactive-commands
log
configuration
...........................................................................................................................
8
blocked-traffic
log
configuration
...........................................................................................................................................
8
security
log
configuration
.........................................................................................................................................................
9
Verify
Traceoptions
Are
Built
..............................................................................................................................
10
security
flow
traceoptions
......................................................................................................................................................
10
ospf
traceoptions
........................................................................................................................................................................
10
Operational
Mode
.........................................................................................................................................
11
Log
Commands
..........................................................................................................................................................
11
show
log
messages
.....................................................................................................................................................................
11
show
log
interactive-commands
..........................................................................................................................................
11
show
log
jsrpd
..............................................................................................................................................................................
12
show
log
chassisd
.......................................................................................................................................................................
12
show
system
boot-messages
.................................................................................................................................................
12
monitor
(start|stop)
xyz
..........................................................................................................................................................
13
clear
log
xyz
..................................................................................................................................................................................
13
show
log
examples
.....................................................................................................................................................................
13
Alarm
Commands
....................................................................................................................................................
14
show
chassis
alarms
..................................................................................................................................................................
14
show
system
alarms
..................................................................................................................................................................
14
show
system
core-dumps
.......................................................................................................................................................
14
Hardware
Commands
.............................................................................................................................................
15
show
chassis
hardware
detail
...............................................................................................................................................
15
show
chassis
environment
.....................................................................................................................................................
15
show
chassis
fan
.........................................................................................................................................................................
16
Software
&
Firmware
Commands
......................................................................................................................
17
show
version
................................................................................................................................................................................
17
show
chassis
firmware
.............................................................................................................................................................
17
show
system
software
detail
.................................................................................................................................................
17
Usage
Statistics
Commands
..................................................................................................................................
19
show
chassis
routing-engine
.................................................................................................................................................
19
show
system
uptime
.................................................................................................................................................................
19
show
system
buffers
.................................................................................................................................................................
20
SRX
Troubleshooting
Library
Page
2
show
system
virtual-memory
...............................................................................................................................................
20
show
system
processes
............................................................................................................................................................
20
show
security
idp
memory
.....................................................................................................................................................
21
show
security
monitoring
performance
session
..........................................................................................................
21
show
security
monitoring
performance
spu
..................................................................................................................
22
show
security
monitoring
fpc
X
...........................................................................................................................................
22
Cluster
Commands
..................................................................................................................................................
23
show
chassis
cluster
status
....................................................................................................................................................
23
show
chassis
cluster
interfaces
............................................................................................................................................
23
show
chassis
cluster
statistics
..............................................................................................................................................
24
show
chassis
cluster
information
........................................................................................................................................
24
Interface
Commands
...............................................................................................................................................
26
show
interfaces
terse
|
match
reth
.....................................................................................................................................
26
show
interfaces
terse
|
match
inet
......................................................................................................................................
26
show
interfaces
ww-X/Y/Z
|
match
zone
.........................................................................................................................
26
show
interfaces
ww-X/Y/Z
extensive
...............................................................................................................................
26
monitor
interface
ww-X/Y/Z
................................................................................................................................................
28
monitor
traffic
interface
ww-X/Y/Z
...................................................................................................................................
28
monitor
interface
traffic
..........................................................................................................................................................
29
Routing
Commands
.................................................................................................................................................
30
show
ospf
neighbor
(instance
xyz)
.....................................................................................................................................
30
show
ospf
database
(instance
xyz)
.....................................................................................................................................
30
show
ospf
route
(instance
xyz)
............................................................................................................................................
30
show
ospf
statistics
(instance
xyz)
.....................................................................................................................................
31
show
route
[prefix]
(table
xyz)
detail
................................................................................................................................
31
show
route
protocol
(ospf
|bgp|static)
.............................................................................................................................
31
ping
[destination]
(routing-instance
xyz)
........................................................................................................................
32
traceroute
[destination]
(routing-instance
xyz)
(rapid)
(count
x)
(size
y)
......................................................
32
Security
Commands
................................................................................................................................................
33
show
security
zones
detail
.....................................................................................................................................................
33
show
security
flow
statistics
.................................................................................................................................................
33
show
security
flow
session
summary
................................................................................................................................
34
show
security
flow
session
(application|destination-prefix|source-prefix|)
...............................................
34
show
security
alg
status
..........................................................................................................................................................
35
show
security
nat
source
rule
all
.........................................................................................................................................
36
show
security
nat
destination
rule
all
...............................................................................................................................
36
show
security
nat
static
rule
all
...........................................................................................................................................
36
show
security
policies
(from-zone|policy-name|to-zone)
.......................................................................................
37
Contacting
JTAC
To
Open
A
Technical
Support
Case
....................................................................................
38
Case
Opening
Procedure
.........................................................................................................................................................
38
request
support
information
|
save
rsi_[date].txt
........................................................................................................
38
Action
Commands
....................................................................................................................................................
39
set
chassis
cluster
cluster-id
1
node
1
reboot
................................................................................................................
39
request
chassis
cluster
failover
redundancy-group
1
node
1
.................................................................................
39
request
chassis
cluster
failover
reset
redundancy-group
1
.....................................................................................
39
SRX
Troubleshooting
Library
Page
3
request
system
reboot
..............................................................................................................................................................
39
request
system
halt
(request
system
power-off)
.........................................................................................................
39
request
routing-engine
login
node
1
..................................................................................................................................
39
request
chassis
pic
fpc-slot
0
pic-slot
0
offline
..............................................................................................................
39
request
system
software
add
(location
of
image)
no-validate
no-copy
reboot
..............................................
39
My bosses past and present: Rachelle Summers, Joe Soricelli, Doug Marshke, and John Hasty.
The Juniper J-NET forum community and the Juniper twitter community.
If
there
have
been
changes
in
the
portion
of
configuration
that
is
related
to
the
issue
youre
troubleshooting,
verifying
the
configuration
starts
you
in
the
right
place.
If
there
havent
been
any
changes
recently
and
the
configuration
looks
correct,
then
you
know
youre
dealing
with
a
possible
hardware
issue
or
something
not
related
to
the
SRX
at
all.
show
configuration
This
operational-mode
command
will
show
you
the
current
running
configuration
as
well
as
who
committed
this
configuration.
##
Last
commit:
2010-09-09
08:26:46
UTC
by
ben
version
10.0R3.10;
system
{
host-name
olive100;
root-authentication
{
encrypted-password
"$1$oafr8h7n$8h2yOCgqdtl7AIZHjloOh1";
##
SECRET-DATA
}
name-server
{
208.67.222.222;
}
ben@olive100>
show
configuration
|
compare
rollback
2
[edit]
+
security
{
+
flow
{
+
inactive:
traceoptions
{
+
file
flow_trace
size
5m
files
20
world-readable;
+
flag
basic-datapath;
+
packet-filter
to
{
+
source-prefix
1.1.1.1/32;
+
destination-prefix
2.2.2.2/32;
+
}
ben@olive100>
show
configuration
|
display
set
set
version
10.0R3.10
set
system
host-name
olive100
set
system
root-authentication
encrypted-password
"$1$oafr8h7n$8h2yOCgqdtl7AIZHjloOh1"
set
system
name-server
208.67.222.222
ben@olive100>
show
configuration
system
syslog
file
messages
any
notice;
authorization
info;
ben@olive100>
show
configuration
system
syslog
file
interactive-commands
interactive-commands
any;
ben@olive100>
show
configuration
system
syslog
file
blocked-traffic
any
any;
match
RT_FLOW_SESSION_DENY;
structured-data;
ben@olive100>
show
configuration
security
log
mode
stream;
format
sd-syslog;
source-address
10.203.234.2;
stream
STRM
{
severity
info;
format
sd-syslog;
category
all;
host
{
10.203.234.4;
port
514;
}
}
ben@olive100>
show
configuration
security
flow
traceoptions
file
flow_trace
size
5m
files
20
world-readable;
flag
basic-datapath;
packet-filter
to
{
source-prefix
1.1.1.1/32;
destination-prefix
2.2.2.2/32;
}
packet-filter
from
{
source-prefix
2.2.2.2/32;
destination-prefix
1.1.1.1/32;
}
ospf
traceoptions
If
OSPF
is
flapping
or
not
exactly
working
right
and
you
want
more
information
than
what
is
shown
in
the
messages
log
(OSPF
is
down),
then
create
a
ospf
specific
traceoptions
that
captures
the
details
of
the
OSPF
operation.
ben@olive100>
show
configuration
protocols
ospf
traceoptions
file
ospf_trace
size
3m
files
10
world-readable;
flag
all;
flag
state;
flag
spf;
flag
timer;
flag
task;
This
library
doesnt
include
every
command,
but
it
does
include
the
bulk
of
operational
troubleshooting
commands
youll
need
when
encountering
issues
in
your
network.
As
with
most
network
operating
systems,
navigating
commands
with
the
?
key
is
extremely
helpful.
Log
Commands
JUNOS
logs
are
very
helpful
if
they
are
configured
correctly
(see
Configurations
section
above).
This
section
shows
how
to
view
each
of
the
relevant
logs
when
dealing
with
issues
within
an
SRX.
ben@olive100>
show
log
messages
Sep
10
04:00:00
olive100
newsyslog[17631]:
logfile
turned
over
due
to
size>1024K
Sep
10
04:00:06
olive100
/kernel:
Process
(14175,pkid)
attempted
to
exceed
RLIMIT_DATA:
attempted
131136
KB
Max
131072
KB
Sep
10
04:05:06
olive100
/kernel:
Process
(14175,pkid)
attempted
to
exceed
RLIMIT_DATA:
attempted
131136
KB
Max
131072
KB
Sep
10
04:10:06
olive100
/kernel:
Process
(14175,pkid)
attempted
to
exceed
RLIMIT_DATA:
attempted
131136
KB
Max
131072
KB
Sep
10
04:15:06
ben@olive100>
show
log
interactive-commands
Sep
4
17:00:00
olive100
newsyslog[14730]:
logfile
turned
over
due
to
size>1024K
Sep
4
17:41:01
olive100
mgd[14422]:
UI_CMDLINE_READ_LINE:
User
'ben',
command
'rollback
0
'
Sep
4
17:41:01
olive100
mgd[14422]:
UI_LOAD_EVENT:
User
'ben'
is
performing
a
'rollback'
Sep
4
17:41:02
olive100
mgd[14422]:
UI_CMDLINE_READ_LINE:
User
'ben',
command
'exit
'
ben@olive100>
show
log
jsrpd
Nov
17
15:10:53
successfully
set
default
traceoptions
cfg
Nov
17
15:10:53
JSRPD
release
10.1R1.8
built
by
builder
on
2010-02-12
17:29:39
UTC
starting,
pid
1110
Nov
17
15:10:53
node
id
invalid,
cluster-id
0
in
kernel
Nov
17
15:10:53
Control
interface
name
em0
with
index
0
ben@olive100>
show
log
chassisd
Dec
9
19:52:41
ge-1/0/6:
large
delay
buffer
cleared
Dec
9
19:52:41
ge-1/0/6:
ingress
queueing
cleared
for
QDPC
Dec
9
19:52:41
CHASSISD_IFDEV_CREATE_NOTICE:
create_pics:
created
interface
device
for
ge-
1/0/7
ben@olive100>
show
system
boot-messages
Copyright
(c)
1996-2010,
Juniper
Networks,
Inc.
All
rights
reserved.
Copyright
(c)
1992-2006
The
FreeBSD
Project.
Copyright
(c)
1979,
1980,
1983,
1986,
1988,
1989,
1991,
1992,
1993,
1994
The
Regents
of
the
University
of
California.
All
rights
reserved.
JUNOS
10.0R3.10
#0:
2010-04-16
07:17:53
UTC
builder@ormonth.juniper.net:/volume/build/junos/10.0/release/10.0R3.10/obj-
i386/bsd/sys/compile/JSR
Timecounter
"i8254"
frequency
1193182
Hz
quality
0
CPU:
Intel(R)
Core(TM)2
Duo
CPU
P7550
@
2.26GHz
(2257.38-MHz
686-class
CPU)
ben@olive100>
monitor
start
messages
ben@olive100>
clear
log
interactive-commands
ben@sinatra-fw1-node0>
show
log
messages
|
match
alarm
Feb
23
14:32:53
sinatra-fw1-node0
craftd[1157]:
Minor
alarm
set,
Host
0
Temperature
Warm
Feb
23
14:32:58
sinatra-fw1-node0
alarmd[1108]:
Alarm
cleared:
RE
color=YELLOW,
class=CHASSIS,
reason=Host
0
Temperature
Warm
Feb
23
14:32:58
sinatra-fw1-node0
craftd[1157]:
Minor
alarm
cleared,
Host
0
Temperature
Warm
ben@sinatra-fw1-node0>
show
log
interactive-commands
|
last
5
Feb
24
14:05:43
sinatra-fw1-node0
mgd[7314]:
UI_CMDLINE_READ_LINE:
User
'ben',
command
'show
log
messages
|
match
alarm
'
Feb
24
14:06:51
sinatra-fw1-node0
mgd[7314]:
UI_CMDLINE_READ_LINE:
User
'ben',
command
'show
log
interactive-commands
|
last
5
'
ben@sinatra-fw1-node0>
show
log
messages
|
find
14:05
Feb
24
14:05:37
sinatra-fw1-node0
sshd[7310]:
Accepted
password
for
ben
from
10.0.100.3
port
57952
ssh2
ben@olive100>
show
chassis
alarms
2
alarms
currently
active
Alarm
time
Class
Description
2010-08-27
21:24:52
UTC
Major
Jseries
Chassis
fan
Failure
2010-08-27
21:24:52
UTC
Major
Jseries
CPU
fan
Failure
ben@olive100>
show
system
alarms
3
alarms
currently
active
Alarm
time
Class
Description
2010-08-27
21:24:52
UTC
Major
Jseries
Chassis
fan
Failure
2010-08-27
21:24:52
UTC
Major
Jseries
CPU
fan
Failure
2010-08-27
21:24:19
UTC
Minor
Rescue
configuration
is
not
set
ben@olive100>
show
system
core-dumps
/var/crash/*core*:
No
such
file
or
directory
-rw-rw----
1
root
wheel
654693
Sep
4
03:16
/var/tmp/flowd_hm.core.0.gz
-rw-rw----
1
root
wheel
654696
Sep
4
03:16
/var/tmp/flowd_hm.core.1.gz
-rw-rw----
1
root
wheel
654693
Sep
4
03:16
/var/tmp/flowd_hm.core.2.gz
/var/crash/kernel.*:
No
such
file
or
directory
/tftpboot/corefiles/*core*:
No
such
file
or
directory
total
3
juniper@cascrmdinet50rd-f1>
show
chassis
hardware
detail
node0:
--------------------------------------------------------------------------
Hardware
inventory:
Item
Version
Part
number
Serial
number
Description
Chassis
JN11A270DAGA
SRX
5800
Midplane
REV
01
710-024803
ABAB4976
SRX
5800
Backplane
FPM
Board
REV
01
710-024632
YG4935
Front
Panel
Display
PDM
Rev
03
740-013110
QCS142350CF
Power
Distribution
Module
PEM
0
Rev
03
740-023514
QCS1401E00H
PS
1.7kW;
200-240VAC
in
node1:
--------------------------------------------------------------------------
Hardware
inventory:
Item
Version
Part
number
Serial
number
Description
Chassis
JN11A2706AGA
SRX
5800
Midplane
REV
01
710-024803
ABAB4980
SRX
5800
Backplane
FPM
Board
REV
01
710-024632
YF9526
Front
Panel
Display
PDM
Rev
03
740-013110
QCS142350BP
Power
Distribution
Module
PEM
0
Rev
03
740-023514
QCS1435E00W
PS
1.7kW;
200-240VAC
in
juniper@cascrmdinet50rd-f1>
show
chassis
environment
node0:
--------------------------------------------------------------------------
Class
Item
Status
Measurement
Temp
PEM
0
OK
40
degrees
C
/
104
degrees
F
PEM
2
OK
35
degrees
C
/
95
degrees
F
juniper@cascrmdinet50rd-f1>
show
chassis
fan
node0:
--------------------------------------------------------------------------
Item
Status
RPM
Measurement
Top
Tray
Fan
1
OK
2896
Spinning
at
normal
speed
node1:
--------------------------------------------------------------------------
Item
Status
RPM
Measurement
Top
Tray
Fan
1
OK
2880
Spinning
at
normal
speed
show
version
This
command
shows
the
version
of
JUNOS
loaded
on
the
SRX.
ben@olive100>
show
version
Hostname:
olive100
Model:
j4300
JUNOS
Software
Release
[10.0R3.10]
juniper@cascrmdinet50rd-f1>
show
chassis
firmware
node0:
--------------------------------------------------------------------------
Part
Type
Version
FPC
1
ROM
Juniper
ROM
Monitor
Version
9.5b1
O/S
Version
10.2R3.10
by
builder
on
2010-10-16
FPC
9
ROM
Juniper
ROM
Monitor
Version
9.5b1
O/S
Version
10.2R3.10
by
builder
on
2010-10-16
FPC
10
ROM
Juniper
ROM
Monitor
Version
9.5b1
O/S
Version
10.2R3.10
by
builder
on
2010-10-16
node1:
--------------------------------------------------------------------------
Part
Type
Version
FPC
1
ROM
Juniper
ROM
Monitor
Version
9.5b1
O/S
Version
10.2R3.10
by
builder
on
2010-10-16
FPC
9
ROM
Juniper
ROM
Monitor
Version
9.5b1
O/S
Version
10.2R3.10
by
builder
on
2010-10-16
FPC
10
ROM
Juniper
ROM
Monitor
Version
9.5b1
O/S
Version
10.2R3.10
by
builder
on
2010-10-16
ben@olive100>
show
chassis
routing-engine
Routing
Engine
status:
Total
memory
1024
MB
Max
502
MB
used
(
49
percent)
Control
plane
memory
594
MB
Max
499
MB
used
(
84
percent)
Data
plane
memory
430
MB
Max
0
MB
used
(
0
percent)
CPU
utilization:
User
81
percent
Real-time
threads
0
percent
Kernel
19
percent
Idle
0
percent
Start
time
2010-08-27
21:23:43
UTC
Uptime
13
days,
18
hours,
31
minutes,
58
seconds
Last
reboot
reason
0x8:power-button
hard
power
off
Load
averages:
1
minute
5
minute
15
minute
1.00
1.00
1.00
ben@olive100>
show
system
uptime
Current
time:
2010-09-10
15:55:19
UTC
System
booted:
2010-08-27
21:23:43
UTC
(1w6d
18:31
ago)
Protocols
started:
2010-08-27
21:24:21
UTC
(1w6d
18:30
ago)
Last
configured:
2010-09-10
14:02:18
UTC
(01:53:01
ago)
by
ben
3:55PM
up
13
days,
18:32,
1
user,
load
averages:
1.00,
1.00,
1.00
ben@olive100>
show
system
buffers
1875/315/2190
mbufs
in
use
(current/cache/total)
1539/147/1686/20640
mbuf
clusters
in
use
(current/cache/total/max)
1536/128
mbuf+clusters
out
of
packet
secondary
zone
in
use
(current/cache)
0/0/0/0
4k
(page
size)
jumbo
clusters
in
use
(current/cache/total/max)
0/0/0/0
9k
jumbo
clusters
in
use
(current/cache/total/max)
0/0/0/0
16k
jumbo
clusters
in
use
(current/cache/total/max)
3546K/372K/3919K
bytes
allocated
to
network
(current/cache/total)
0/0/0
requests
for
mbufs
denied
(mbufs/clusters/mbuf+clusters)
0/0/0
requests
for
jumbo
clusters
denied
(4k/9k/16k)
0/4/640
sfbufs
in
use
(current/peak/max)
0
requests
for
sfbufs
denied
0
requests
for
sfbufs
delayed
0
requests
for
I/O
initiated
by
sendfile
0
calls
to
protocol
drain
routines
ben@olive100>
show
system
virtual-memory
Type
InUse
MemUse
HighUse
Requests
Size(s)
ata_dma
2
1K
-
2
256
file
desc
117
25K
-
25635
16,1024,2048,16384
proc-args
45
2K
-
16515
16,32,64,128,256,512,1024,2048,4096
849545997
cpu
context
switches
1494111802
device
interrupts
78308832
software
interrupts
5881305
traps
4257155619
system
calls
50
kernel
threads
created
ben@olive100>
show
system
processes
SRX
Troubleshooting
Library
Page
20
PID
TT
STAT
TIME
COMMAND
0
??
WLs
0:00.00
[swapper]
1
??
ILs
0:01.19
/junos/sbin/init
-D/junos
--
2
??
DL
0:33.36
[g_event]
juniper@cascrmdinet50rd-f1>
show
security
idp
memory
node0:
--------------------------------------------------------------------------
IDP
data
plane
memory
statistics:
PIC
:
FPC
11
PIC
1:
Total
IDP
data
plane
memory
:
515
MB
Used
:
40
MB
(
40960
KB
)
(
7.77%)
Available
:
475
MB
(
486400
KB
)
(
92.23%)
PIC
:
FPC
11
PIC
0:
juniper@cascrmdinet50rd-f1>
show
security
monitoring
performance
session
node0:
--------------------------------------------------------------------------
fpc
9
pic
1
Last
60
seconds:
0:
2412
1:
2360
2:
2419
3:
2350
4:
2433
5:
2379
6:
2431
7:
2369
8:
2434
9:
2373
10:
2436
11:
2375
12:
2423
13:
2361
14:
2409
15:
2350
16:
2415
17:
2358
18:
2409
19:
2344
20:
2404
21:
2346
22:
2439
23:
2381
24:
2465
25:
2400
26:
2464
27:
2402
28:
2476
29:
2405
30:
2483
31:
2426
32:
2495
33:
2425
34:
2462
35:
2400
36:
2480
37:
2418
38:
2569
39:
2513
40:
2571
41:
2509
42:
2575
43:
2518
44:
2578
45:
2519
46:
2561
47:
2506
48:
2563
49:
2501
50:
2545
51:
2480
52:
2545
53:
2492
54:
2562
55:
2504
56:
2563
57:
2507
58:
2562
59:
2504
juniper@cascrmdinet50rd-f1>
show
security
monitoring
performance
spu
node0:
--------------------------------------------------------------------------
fpc
11
pic
0
Last
60
seconds:
0:
2
1:
2
2:
3
3:
2
4:
2
5:
1
6:
2
7:
2
8:
3
9:
3
10:
2
11:
2
12:
2
13:
3
14:
4
15:
3
16:
3
17:
3
18:
3
19:
3
20:
3
21:
2
22:
2
23:
3
24:
3
25:
3
26:
2
27:
2
28:
3
29:
2
30:
3
31:
4
32:
4
33:
3
34:
2
35:
3
36:
3
37:
2
38:
2
39:
2
40:
2
41:
2
42:
3
43:
3
44:
3
45:
3
46:
3
47:
4
48:
3
49:
2
50:
2
51:
3
52:
2
53:
1
54:
2
55:
2
56:
2
57:
2
58:
3
59:
3
juniper@cascrmdinet50rd-f1>
show
security
monitoring
fpc
9
|
no-more
node0:
--------------------------------------------------------------------------
FPC
9
PIC
0
CPU
utilization
:
0
%
Memory
utilization
:
81
%
Current
flow
session
:
0
Max
flow
session
:
0
Current
CP
session
:
11453
Max
CP
session
:
10485760
PIC
1
CPU
utilization
:
0
%
Memory
utilization
:
64
%
Current
flow
session
:
2369
Max
flow
session
:
1048576
Current
CP
session
:
0
Max
CP
session
:
0
juniper@cascrmdinet50rd-f1>
show
chassis
cluster
interfaces
Control
link
0
name:
em0
Control
link
1
name:
em1
Control
link
status:
Up
Fabric
interfaces:
Name
Child-interface
Status
fab0
ge-1/0/15
up
fab1
ge-13/0/15
up
Fabric
link
status:
Up
Redundant-ethernet
Information:
Name
Status
Redundancy-group
reth0
Down
Not
configured
reth1
Up
1
juniper@cascrmdinet50rd-f1>
show
chassis
cluster
statistics
Control
link
statistics:
Control
link
0:
Heartbeat
packets
sent:
1474309
Heartbeat
packets
received:
1473945
Heartbeat
packet
errors:
0
Control
link
1:
Heartbeat
packets
sent:
0
Heartbeat
packets
received:
0
Heartbeat
packet
errors:
0
Fabric
link
statistics:
Probes
sent:
1474291
Probes
received:
1272362
Probe
errors:
0
Services
Synchronized:
Service
name
RTOs
sent
RTOs
received
Translation
context
0
0
Incoming
NAT
0
0
Resource
manager
0
0
Session
create
0
181353670
juniper@cascrmdinet50rd-f1>
show
chassis
cluster
statistics
Control
link
statistics:
Control
link
0:
Heartbeat
packets
sent:
1474309
Heartbeat
packets
received:
1473945
SRX
Troubleshooting
Library
Page
24
Heartbeat
packet
errors:
0
Control
link
1:
Heartbeat
packets
sent:
0
Heartbeat
packets
received:
0
Heartbeat
packet
errors:
0
Fabric
link
statistics:
Probes
sent:
1474291
Probes
received:
1272362
Probe
errors:
0
Services
Synchronized:
Service
name
RTOs
sent
RTOs
received
Translation
context
0
0
Incoming
NAT
0
0
Resource
manager
0
0
Session
create
0
181353670
juniper@cascrmdinet50rd-f1>
show
interfaces
terse
|
match
reth
ge-1/0/0.0
up
up
aenet
-->
reth1.0
ge-13/0/0.0
up
up
aenet
-->
reth1.0
reth0
up
down
reth1
up
up
reth1.0
up
up
inet
10.255.51.183/28
juniper@cascrmdinet50rd-f1>
show
interfaces
terse
|
match
inet
em0.0
up
up
inet
129.16.0.1/2
em1.0
up
up
inet
129.16.0.1/2
reth1.0
up
up
inet
10.255.51.183/28
reth2.0
up
up
inet
10.255.51.167/28
reth10.0
up
up
inet
162.115.8.210/23
juniper@cascrmdinet50rd-f1>
show
interfaces
reth1
|
match
zone
Security:
Zone:
red
cascrmdinet50rd-f1
Seconds:
4
Time:
23:01:15
Delay:
0/0/2
Interface:
reth1,
Enabled,
Link
is
Up
Encapsulation:
Ethernet,
Speed:
1000mbps
Traffic
statistics:
Current
delta
Input
bytes:
788500518244
(8939808
bps)
[3711746]
Output
bytes:
8887432578672
(98848840
bps)
[42499178]
Input
packets:
4924386289
(6933
pps)
[23352]
Output
packets:
7892464225
(11443
pps)
[38473]
Error
statistics:
Input
errors:
0
[0]
Input
drops:
0
[0]
Input
framing
errors:
0
[0]
Carrier
transitions:
0
[0]
Output
errors:
0
[0]
Output
drops:
0
[0]
juniper@cascrmdinet50rd-f1>
monitor
traffic
interface
reth1
Listening
on
reth1,
capture
size
96
bytes
Reverse
lookup
for
10.255.51.183
failed
(check
DNS
reachability).
Other
reverse
lookup
failures
will
not
be
reported.
Use
<no-resolve>
to
avoid
reverse
lookups
on
IP
addresses.
23:02:04.599618
Out
IP
truncated-ip
-
12
bytes
missing!
10.255.51.183
>
OSPF-ALL.MCAST.NET:
OSPFv2,
Hello,
length
52
23:02:05.570679
In
IP
10.255.51.178
>
OSPF-DSIG.MCAST.NET:
OSPFv2,
LS-Update,
length
56
23:02:05.570691
In
IP
10.255.51.179
>
OSPF-ALL.MCAST.NET:
OSPFv2,
LS-Update,
length
56
23:02:05.605954
In
IP
10.255.51.178
>
OSPF-DSIG.MCAST.NET:
OSPFv2,
LS-Update,
length
56
cascrmdinet50rd-f1
Seconds:
6
Time:
23:03:48
Interface
Link
Input
packets
(pps)
Output
packets
(pps)
ge-1/0/0
Up
1787893
(0)
0
(0)
ge-1/0/1
Down
0
(0)
0
(0)
ge-1/0/2
Up
1760802
(0)
0
(0)
ge-1/0/3
Down
0
(0)
0
(0)
ge-1/0/14
Up
11340070
(14)
0
(0)
ge-1/0/15
Up
0
(0)
4049328
(5)
mt-9/0/0
Down
0
(0)
0
(0)
ge-13/0/0
Up
4923779005
(7035)
7894549362
(10754)
ge-13/0/1
Down
0
(0)
0
(0)
ge-13/0/2
Up
7900541604
(10751)
4910745880
(7025)
ge-13/0/3
Down
0
(0)
0
(0)
ge-13/0/14
Up
11374760
(15)
167351779
(634)
ge-13/0/15
Up
0
(0)
366188899
(654)
mt-21/0/0
Down
0
(0)
0
(0)
juniper@cascrmdinet50rd-f1>
show
ospf
neighbor
instance
prod-vr
Address
Interface
State
ID
Pri
Dead
10.255.51.178
reth1.0
Full
10.255.63.5
10
38
10.255.51.179
reth1.0
Full
10.255.63.6
5
33
10.255.51.162
reth2.0
Full
10.255.63.11
10
37
10.255.51.163
reth2.0
Full
10.255.63.12
5
31
juniper@cascrmdinet50rd-f1>
show
ospf
database
instance
prod-vr
OSPF
database,
Area
0.0.0.0
Type
ID
Adv
Rtr
Seq
Age
Opt
Cksum
Len
Router
10.254.64.46
10.254.64.46
0x80000940
155
0x2
0xd437
72
Router
10.254.64.47
10.254.64.47
0x80000940
157
0x2
0x17f0
72
Router
10.254.115.120
10.254.115.120
0x8000022b
861
0x2
0x5c6f
72
juniper@cascrmdinet50rd-f1>
show
ospf
route
instance
prod-vr
Topology
default
Route
Table:
Prefix
Path
Route
NH
Metric
NextHop
Nexthop
Type
Type
Type
Interface
Address/LSP
10.254.64.46
Intra
AS
BR
IP
81
reth2.0
10.255.51.162
10.254.64.47
Intra
Router
IP
81
reth2.0
10.255.51.162
10.254.115.120
Intra
Router
IP
81
reth2.0
10.255.51.162
juniper@cascrmdinet50rd-f1>
show
ospf
statistics
instance
prod-vr
Packet
type
Total
Last
5
seconds
Sent
Received
Sent
Received
Hello
337689
605605
2
1
DbD
3995
3960
0
0
LSReq
125
2
0
0
LSUpdate
393445
1033018
0
0
juniper@cascrmdinet50rd-f1>
show
route
0.0.0.0
table
prod-vr
detail
prod-vr.inet.0:
2077
destinations,
2077
routes
(2077
active,
0
holddown,
0
hidden)
0.0.0.0/0
(1
entry,
1
announced)
*OSPF
Preference:
150
Next
hop
type:
Router,
Next
hop
index:
599
Next-hop
reference
count:
2895
Next
hop:
10.255.51.178
via
reth1.0,
selected
State:
<Active
Int
Ext>
Age:
1w2d
1:13:45
Metric:
501
Tag:
1
Task:
prod-vr-OSPF
Announcement
bits
(1):
2-KRT
AS
path:
I
juniper@cascrmdinet50rd-f1>
show
route
protocol
static
inet.0:
7
destinations,
7
routes
(6
active,
0
holddown,
1
hidden)
+
=
Active
Route,
-
=
Last
Active,
*
=
Both
SRX
Troubleshooting
Library
Page
31
0.0.0.0/0
*[Static/5]
2w3d
02:33:03
>
to
162.115.8.1
via
fxp0.0
162.115.9.31/32
*[Static/5]
2w3d
02:33:03
to
table
logging.inet.0
162.115.9.36/32
*[Static/5]
2w3d
02:33:03
to
table
logging.inet.0
162.115.9.221/32
*[Static/5]
2w3d
02:33:03
to
table
logging.inet.0
logging.inet.0:
3
destinations,
3
routes
(3
active,
0
holddown,
0
hidden)
+
=
Active
Route,
-
=
Last
Active,
*
=
Both
0.0.0.0/0
*[Static/5]
1w2d
01:25:59
>
to
162.115.8.1
via
reth10.0
prod-vr.inet.0:
2077
destinations,
2077
routes
(2077
active,
0
holddown,
0
hidden)
+
=
Active
Route,
-
=
Last
Active,
*
=
Both
162.115.40.1/32
*[Static/5]
1w2d
01:26:00
>
to
10.255.51.178
via
reth1.0
{primary:node0}
juniper@cascrmdinet50rd-f1>
ping
10.255.51.178
routing-instance
prod-vr
PING
10.255.51.178
(10.255.51.178):
56
data
bytes
64
bytes
from
10.255.51.178:
icmp_seq=0
ttl=255
time=2.092
ms
64
bytes
from
10.255.51.178:
icmp_seq=1
ttl=255
time=2.092
ms
^C
---
10.255.51.178
ping
statistics
---
2
packets
transmitted,
2
packets
received,
0%
packet
loss
round-trip
min/avg/max/stddev
=
2.092/2.092/2.092/0.000
ms
juniper@cascrmdinet50rd-f1>
traceroute
10.255.51.178
routing-instance
prod-vr
traceroute
to
10.255.51.178
(10.255.51.178),
30
hops
max,
40
byte
packets
1
10.255.51.178
(10.255.51.178)
2.447
ms
*
1.948
ms
SRX
Troubleshooting
Library
Page
32
Security
Commands
juniper@cascrmdinet50rd-f1>
show
security
zones
detail
node0:
--------------------------------------------------------------------------
Security
zone:
logging
Send
reset
for
non-SYN
session
TCP
packets:
Off
Policy
configurable:
Yes
Interfaces
bound:
1
Interfaces:
reth10.0
Security
zone:
red
Send
reset
for
non-SYN
session
TCP
packets:
Off
Policy
configurable:
Yes
Interfaces
bound:
1
Interfaces:
reth1.0
Security
zone:
yellow
Send
reset
for
non-SYN
session
TCP
packets:
Off
Policy
configurable:
Yes
Interfaces
bound:
1
Interfaces:
reth2.0
juniper@cascrmdpcign-f1>
show
security
flow
statistics
node0:
--------------------------------------------------------------------------
Flow
Statistics
of
FPC9
PIC1:
Current
sessions:
4287
Packets
forwarded:
0
Packets
dropped:
102995758
Fragment
packets:
0
juniper@cascrmdinet50rd-f1>
show
security
flow
session
summary
node0:
--------------------------------------------------------------------------
Flow
Sessions
on
FPC9
PIC1:
Unicast-sessions:
2362
Multicast-sessions:
0
Failed-sessions:
0
Sessions-in-use:
2581
Valid
sessions:
2344
Pending
sessions:
0
Invalidated
sessions:
219
Sessions
in
other
states:
0
Maximum-sessions:
1048576
juniper@cascrmdinet50rd-f1>
show
security
alg
status
ALG
Status
:
DNS
:
Enabled
FTP
:
Enabled
H323
:
Disabled
MGCP
:
Disabled
MSRPC
:
Enabled
PPTP
:
Enabled
RSH
:
Enabled
RTSP
:
Disabled
SCCP
:
Disabled
SIP
:
Disabled
SQL
:
Enabled
SUNRPC
:
Enabled
TALK
:
Enabled
TFTP
:
Enabled
IKE-ESP
:
Disabled
juniper@cascrmdinet50rd-f1>
show
security
nat
source
rule
all
node1:
--------------------------------------------------------------------------
Total
rules:
2
source
NAT
rule:
1
Rule-set:
sdc-outbound-nat
Rule-Id
:
3
Rule
position
:
1
From
zone
:
yellow
To
zone
:
red
Match
Source
addresses
:
10.255.9.0
-
10.255.9.127
Destination
addresses
:
69.78.139.61
-
69.78.139.61
96.6.134.98
-
96.6.134.98
Destination
port
:
0
-
0
Action
:
pool1
Persistent
NAT
type
:
N/A
Persistent
NAT
mapping
type
:
address-port-mapping
Inactivity
timeout
:
0
Max
session
number
:
0
Translation
hits
:
69518
juniper@cascrmdinet50rd-f1>
show
security
nat
destination
rule
all
node0:
--------------------------------------------------------------------------
Total
destination-nat
rules:
0
juniper@cascrmdinet50rd-f1>
show
security
nat
static
rule
all
node0:
--------------------------------------------------------------------------
SRX
Troubleshooting
Library
Page
36
Total
static-nat
rules:
0
ben@olive100>
show
security
policies
policy-name
1
From
zone:
blah,
To
zone:
boo
Policy:
1,
State:
enabled,
Index:
4,
Sequence
number:
1
Source
addresses:
any
Destination
addresses:
any
Applications:
any
Action:
permit